workbench-repo-brand-uplift

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs the agent to inspect and read public GitHub repository content (see Workflow steps: "Inspect live repo state" and "Read current README.md, package metadata, docs map, examples, and public assets") and to base edits/decisions on that untrusted, user-generated material, creating a clear pathway for indirect prompt injection.